Understanding VRF aware IPv6 Tunnels

The current IPv6 tunneling feature on c7600 does not support Virtual Routing and Forwarding (VRF) awareness. The forwarding table lookups for IPv6 overlay addresses and IPv4 transport addresses are performed in the global routing tables. This feature extends the tunneling support for IPv6 overlay addresses in VRF.

Figure 71-1 illustrates the topology for the IPv6 overlay address in VRF, and the IPv4 transport address in VRF.

Figure 71-1 Topology for VRF aware IPv6 Tunnel

The VRF Aware IPv6 over IPv4 Tunnel can have any line card towards the core facing side.

.

Restrictions for VRF aware IPv6 tunnels

Following restrictions apply to the VRF aware IPv6 tunnels feature:

This feature supports the IPv6IP and 6to4 tunnels mode.

Due to EARL limitation, the same source tunnels across VRFs are not supported.

The tunnel source and the tunnel destination should be in the same VRF instance.

The tunnel IPv4 transport addresses and the physical interface where the tunnel traffic exits, should be in the same VRF instance.

The incoming IPv6 interface and the tunnel should be in the same VRF instance.

This feature does not support IPv6IP auto-tunnels and ISATAP.

Tunnel SSO

An IP tunnel is an IP network communications channel between two networks. It is used to transport another network protocol by packet encapsulation.

The IP Tunnel-SSO feature provides the following benefits:

Cisco Nonstop Forwarding (NSF) works with the Stateful Switchover (SSO): In a distributed system with an active RP and a standby RP, check the necessary state on the standby RP to see if the loss of the packets sent or received on a tunnel interface is eliminated during a switchover.

Note Hardware limitations may result in packet loss.

In-Service Software Upgrade (ISSU): Allows the upgrade or downgrade from a version to another for IOS that supports tunnel HA with minimal packet loss.

Uplink forwarding: Enables the ports on the standby RP of an HA system to switch traffic between tunnel endpoints.

Solve the problems caused by the race conditions in distributed systems: In the current IP tunnel feature, many packets for tunnel forwarding are sent from the RP to line cards using the XDR DRAM. These packets should arrive on the line cards in a particular order, which is not guaranteed every time due to line card inconsistencies. The IP Tunnel-SSO feature helps prevent these race conditions.

Note To minimize packet loss during switchover, all the relative components in the network need to be HA capable.

Configuring VRF aware IPv6 tunnel

Understanding IPv6 over IPv4-GRE Tunnels

IPv6 traffic is carried over IPv4 generic routing encapsulation (GRE) tunnels using the standard GRE tunneling technique. As in the manually configured IPv6 tunnels, GRE tunnels are links between two points, with a separate tunnel for each link. The GRE tunnels provide stable connections that require regular secure communication between two edge routers or between an edge router and an end system. This feature supports VRF Aware IPv6 over IPv4-GRE Tunnel on the c7600, and is applicable only to the ES+ family of line cards.

Figure 71-2 Topology for VRF Aware IPv6 over IPv4-GRE

The VRF Aware IPv6 over IPv4 GRE tunnel must have ES+ line card towards the core facing side.

Restrictions for IPv6 over IPv4-GRE tunnel

Following restrictions apply to the IPv6 over IPv4-GRE tunnel:

The IPv4 tunnel facing interface must be on the ES+ line card.

The GRE tunnel key is not supported in the hardware.

The IPv4 fragmentation after tunnel encapsulations is not supported in the hardware.

The fragmented IPv4 packets for tunnel decapsulations is not supported in the hardware.

The IPv4 GRE keepalives are supported, but the IPv6 GRE keepalives are not supported.

The keepalives are not supported when the VRF instances configured using the vrf forwarding and tunnel vrf commands are different.

Due to EARL limitation, same source tunnels across VRF’s are not supported.

This feature is not SSO compliant.

With scaled configurations, when changing the tunnel mode from IPv6 over GRE to IPv6IP and on enabling the mls mpls tunnel-recirc command, the system displays an error message with a trace back.